PVS (Prototype Verification System)

When your System must be absolutely, positively, exactly correct...

SRI International's PVS Specification and Verification System helps you provide the solution.

How does a pilot "know" that the computer systems controlling the flight of your airplane are properly coordinated? What if tomorrow's fancy car computers don't apply the correct braking force? How many hundreds of miles off target could an incorrect calculation send a spacecraft or satellite?

The critical systems of tomorrow require strong assurance that their software and hardware systems contain no lurking bugs. That's why their developers, government certifying agencies, and researchers are investigating formal verification systems such as SRI's PVS.

What is PVS and how is it used?

PVS stands for "Prototype Verification System." It provides you with increased assurance that mission- and safety-critical systems will behave as intended, via a specification language integrated with support tools and a theorem prover. It is primarily used for the formalization of requirements and design-level specifications, and for the analysis of intricate and difficult problems such as fault tolerance and distributed algorithms. Formal analysis provides something that testing never can: the ability to explore *all* behaviors of your system.

The PVS system is written in Common Lisp and runs on Linux, and it builds on over 20 years of experience at SRI's Computer Science Laboratory in building and using tools to support formal methods.

Why Lisp and Allegro CL?

SRI used Lisp to create PVS because of the flexibility and ease-of-implementation the language provides. "The Lisp development environment lets us do rapid prototyping, incremental development and is very easy to maintain. We have maintained and modified the PVS code for over 9 years and Allegro CL and CLOS have supported this well," says Dave Stringer-Calvert, a Software Engineer with SRI's Computer Science Laboratory. "It also interfaces well, when we need to link in other items such as pieces of 'C' code."

Speed is also critical, and that is why they use Allegro CL. "We had implemented older versions of the system in lots of different Lisps, but Allegro CL is the only Lisp that featured a sufficiently fast CLOS implementation," says Stringer-Calvert. "PVS is a very heavy, processor-intensive application, so we need the speed," he adds.

Why Linux?

Understanding why SRI chose Linux means understanding their philosophy about research. SRI was founded in 1946 with the mission to "perform research for the greater benefit of humanity." Since the PVS application is provided free of charge (under license), SRI didn't want its use constrained by customer system costs. "We chose Linux because it was free," says Stringer-Calvert. "Many of our customers are academics who have tight budget constraints. With Linux, for a few thousand dollars you can implement a powerful system." He says that Linux has been very stable and they have had no great problems with it. They chose Red Hat Linux because that's what Allegro CL runs on, although several of their customers are using PVS on different Linux distributions without problems.

The Future of PVS

SRI continues to support and improve the PVS system to meet the needs of their customers. Their next release, due later this year, will include the ability to translate specifications directly into Lisp code and then execute them. This will enable users not only to examine properties that they want their system to have, but also to explore behaviors with real input data. Again, Allegro CL helped to make it happen by enabling code to be generated "on the fly." Stringer-Calvert says, "Allegro CL made it easier to build this new feature because Lisp is an easy language to automatically generate."

Dr. Dave Stringer-Calvert is a software engineer at SRI's Computer Science Laboratory (CSL). CSL, founded in 1952, was one of the first laboratories to focus on computer science. The first message sent across ARPAnet (the precursor of today's Internet) was received at SRI, and the mouse and hypertext were developed there by Doug Engelbart.